store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Fri Oct 24, 2014 3:00 am

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 14 posts ] 
Author Message
 Post subject: css not loading - ASL-Lite
Unread postPosted: Mon Mar 14, 2011 11:46 am 
Offline
Forum User
Forum User

Joined: Thu Mar 10, 2011 11:15 am
Posts: 8
Location: massachusetts
Just starting with ASL-Lite on an existing site and trying to figure out some of the glitches. It looks like sometimes the pages are loading without the css but not all the time. Has anyone seen this before? I see no error in the logs.


Top
 Profile  
 
 Post subject: Re: css not loading - ASL-Lite
Unread postPosted: Mon Mar 14, 2011 2:41 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3657
Location: Chantilly, VA
What do you see in your audit_log?

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
 Post subject: Re: css not loading - ASL-Lite
Unread postPosted: Mon Mar 14, 2011 3:11 pm 
Offline
Forum User
Forum User

Joined: Thu Mar 10, 2011 11:15 am
Posts: 8
Location: massachusetts
There is nothing that would indicate an error at:
/etc/httpd/logs/audit_log
or
/var/asl/data/audit/20110314


Top
 Profile  
 
 Post subject: Re: css not loading - ASL-Lite
Unread postPosted: Mon Mar 14, 2011 3:36 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3657
Location: Chantilly, VA
So no events, if so then modsecurity isnt blocking anything and isnt the cause. Thats assuming your system is logging modsec events, just to be sure, do a quick test to see if its logged:

wget http://localhost/foo.php?foo=http://www ... e.com/test

And see if you get an audit event for that.

What rules do you have loaded?

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
 Post subject: Re: css not loading - ASL-Lite
Unread postPosted: Mon Mar 14, 2011 5:50 pm 
Offline
Forum User
Forum User

Joined: Thu Mar 10, 2011 11:15 am
Posts: 8
Location: massachusetts
Yes, the system is logging modsec events.
It seems like the css not loading and now also blank php pages happen when our IP is whitelisted.
I'm using the default rules.


Top
 Profile  
 
 Post subject: Re: css not loading - ASL-Lite
Unread postPosted: Mon Mar 14, 2011 8:30 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3657
Location: Chantilly, VA
OK, so logging is setup right. What web server are you using?

If you are using Apache, and the modsecurity rules arent logging anything then they arent blocking anything. If you are using Litespeed, see this article:

https://www.atomicorp.com/wiki/index.php/Litespeed

If you are using Apache, are you using the redaction rules by any chance? Anything with the names:

99_asl_a_redactor.conf
99_asl_redactor.conf
99_asl_redactor_post.conf

If you aren't using ASL, then dont load those. Your need ASL for those rules to work.

If you dont have any of the redactor rules loaded, and you dont see modsecurity blocking anything then you can rule out the rules as the cause.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
 Post subject: Re: css not loading - ASL-Lite
Unread postPosted: Tue Mar 15, 2011 11:16 am 
Offline
Forum User
Forum User

Joined: Thu Mar 10, 2011 11:15 am
Posts: 8
Location: massachusetts
I'm using Apache and yes logging is set up and working.

In /etc/asl/config I have this:
MODSEC_99_REDACTOR="yes"
Does this mean I'm using the redaction rules?

There are no redaction rules in /etc/httpd/modsecurity.d.

In /var/asl/rules/modsec I have:
99_asl_a_redactor.conf
99_asl_redactor.conf
99_asl_redactor_post.conf

Should I get rid of them if I'm just using ASL-Lite?


Top
 Profile  
 
 Post subject: Re: css not loading - ASL-Lite
Unread postPosted: Tue Mar 15, 2011 12:03 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3657
Location: Chantilly, VA
I believe you are using cpanel (correct me if I'm wrong), if so just make sure that your cpanel apache configs are not loading the redactor rules. You can ignore them being anywhere else, ASL-Lite will still download them.

But they shouldnt be loaded by default, so its extremely unlikely this is your issue. So have you tried disabling mod_security to see if that is in fact the source of your issue?

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
 Post subject: Re: css not loading - ASL-Lite
Unread postPosted: Tue Mar 15, 2011 2:21 pm 
Offline
Forum User
Forum User

Joined: Thu Mar 10, 2011 11:15 am
Posts: 8
Location: massachusetts
I'm not using cpanel.
The pattern seems to be that when our IP is whitelisted pages sometimes load strangely or sometimes not at all with no message in the logs (on normal pages like index.php, not on urls that might get caught by the rules). If I take our IP out of the whitelist and restart apache the pages load as expected again.


Top
 Profile  
 
 Post subject: Re: css not loading - ASL-Lite
Unread postPosted: Tue Mar 15, 2011 2:58 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3657
Location: Chantilly, VA
Hmmm, so if its whitelisting, then its not the rules. Sounds like something else, maybe an issue with a module or build or library. As you aren't using ASL, what version of mod_security are you using?

Are you using some other module that might be blocking something, like suhosin, mod_evasive, etc?

And what do you see when you put mod_security into debug mode?

Also, are you triggering some rules that is requiring you to whitelist those systems?

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
 Post subject: Re: css not loading - ASL-Lite
Unread postPosted: Wed Mar 16, 2011 8:55 am 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7942
Location: earth
Are you using mod_security from the atomic channel? Or did you roll your own?


Top
 Profile  
 
 Post subject: Re: css not loading - ASL-Lite
Unread postPosted: Thu Mar 17, 2011 11:14 am 
Offline
Forum User
Forum User

Joined: Thu Mar 10, 2011 11:15 am
Posts: 8
Location: massachusetts
Scott, yes I am using mod_security from atomic channel.


Top
 Profile  
 
 Post subject: Re: css not loading - ASL-Lite
Unread postPosted: Thu Mar 17, 2011 11:21 am 
Offline
Forum User
Forum User

Joined: Thu Mar 10, 2011 11:15 am
Posts: 8
Location: massachusetts
MikeShinn,
Looks like in /etc/asl/VERSION I have the line MODSEC_VERSION=201103161326
I'm not using any other modules like suhosin or mod_evasive that might be blocking something.
I'm not sure how to put mod_security into debug mode.
Yes, I was trying to whitelist because one of our applications used only by internal users is tripping some rules. I'm trying to figure out if it is a false positive or if it is sloppy coding.


Top
 Profile  
 
 Post subject: Re: css not loading - ASL-Lite
Unread postPosted: Thu Mar 17, 2011 12:50 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3657
Location: Chantilly, VA
OK, since you arent using ASL, is it safe to assume you setup your own modsecurity configuration? If you did, did you follow the instructions at the link below to configure it:

https://www.atomicorp.com/wiki/index.ph ... rity_Rules

Is your configuration exactly as described on that page? If not, what is changed?

Are you using any other rules?

Have you modified any of the rules?

modsecurity will always log anything it does, so if its not logging anything something is either wrong with its configuration, or something else is causing your 404s.

And make sure you are checking /var/log/http/audit_log, the Apache error_log is of no help.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 14 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group